I am trying to design a system which reads events coming from devices, stores them and exposes an API to various applications. Originally I wanted to introduce a module called Id translator, so I would store only anonymous device ids in the database. The data would then be protected from unauthorized data harvesting.

Then I wanted to have another module called Roles Registry, responsible for handling API permissions for each application. I had an idea in mind that an application wishing to work with a concrete device id would need a different permission than an application using anonymous identifiers.

Another module, Event Access API, would be the single entry point for data access and it would evaluate whether the API permission was granted to the application.

But as I start to think about it, I think that this concept is weak. It is hard to explain because myriads of "What if" questions arrive in my mind; I consider some as probable, I reject others, etc. I need to clearly specify my requirements and find the consequences.

I want:

an anonymous database, so that not even an admin can search for the data of a specific event id

search by concrete device id would require a different permission set than anonymous search by other criteria

But I see the main problem with the returned data:

If the API returns an artificial id, then the caller can save it and use the anonymous API with it next time
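A sketch of the three modules from the question (Id translator, Roles Registry, Event Access API), as added example code that is not part of the original post; the key, the role table, the permission names and the sample events are constructed assumptions. It goes one step further than the question by re-keying the ids it returns per application, so that an id a caller saves is neither the stored pseudonym nor a value the API accepts as a search criterion.

```python
import hmac
import hashlib
from typing import Optional

# Constructed sample data for the three modules described in the question.
MASTER_KEY = b"hypothetical-secret-held-by-id-translator-only"
ROLES = {                                   # Roles Registry
    "billing-app":   {"device:lookup"},     # may search by concrete device id
    "analytics-app": {"anon:search"},       # may only search by other criteria
}
RAW_EVENTS = [                              # as received from devices
    {"device": "dev-1001", "type": "temp", "value": 21.5},
    {"device": "dev-1002", "type": "temp", "value": 19.0},
    {"device": "dev-1001", "type": "door", "value": 1},
]

def db_pseudonym(device_id: str) -> str:
    """Id translator: keyed hash stored instead of the device id. Without
    MASTER_KEY a database admin cannot compute it for a chosen device."""
    return hmac.new(MASTER_KEY, device_id.encode(), hashlib.sha256).hexdigest()

def app_scoped_id(pseudonym: str, app: str) -> str:
    """Re-key the stored pseudonym per application, so an id one caller saves
    is not the database key and does not link with another caller's ids."""
    app_key = hmac.new(MASTER_KEY, b"app:" + app.encode(), hashlib.sha256).digest()
    return hmac.new(app_key, pseudonym.encode(), hashlib.sha256).hexdigest()

# Event store: only pseudonymous ids are ever written.
STORE = [{"pid": db_pseudonym(e["device"]), "type": e["type"], "value": e["value"]}
         for e in RAW_EVENTS]

def event_access(app: str, device_id: Optional[str] = None,
                 event_type: Optional[str] = None) -> list:
    """Event Access API: single entry point that checks the permission
    matching the kind of query and never returns the stored pseudonym."""
    perms = ROLES.get(app, set())
    if device_id is not None:
        if "device:lookup" not in perms:
            raise PermissionError(f"{app} may not search by device id")
        rows = [r for r in STORE if r["pid"] == db_pseudonym(device_id)]
    else:
        if "anon:search" not in perms:
            raise PermissionError(f"{app} may not run anonymous searches")
        rows = [r for r in STORE if event_type is None or r["type"] == event_type]
    # App-scoped ids are not accepted as a search criterion by this API.
    return [{"id": app_scoped_id(r["pid"], app), "type": r["type"], "value": r["value"]}
            for r in rows]
```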

You want to use dynamic data masking. There are different products in that space. Have a look at Oracle VPD (Virtual Private Database), Informatica DDM, or Axiomatics Data Access Filter which all provide means to define policies as to what you can see / cannot see.

These tools are meant to protect data, which seems to be along the lines of what you want to achieve.

If you want a good list of capabilities, vendors, and open source alternatives, check out the Gartner reports - in particular the Magic Quadrant, which Informatica gives you complimentary access to. See here.